package com.boot.security.server.utils;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author Ming
 * @version 1.0
 * @date 2020/11/9 16:13
 * @Description
 */
public class XssUtils {
    private static Map<String, String> xssMap = new LinkedHashMap<String, String>();
    private static Map<String, String> xssNewMap = new LinkedHashMap<String, String>();

    static {
        init();
    }

    /**
     * 字符串格式化处理（实现字符串在回车换行和空格功能）
     * @param xml
     */
    public static String convertstr(String xmlorjson) {
        if (xmlorjson == null || "".equals(xmlorjson) || "null".equals(xmlorjson)) {
            return "";
        }
        //处理字符串
        String[] beforechar = {"<", ">", "￠", "£", "¥", "€", "§", "©", "®", "™", "×", "÷"};
        String[] afterchar = {"&lt;", "&gt;", "&cent;", "&pound;", "&yen;",
                "&euro;", "&sect;", "&copy;", "&reg;", "&trade;", "&times;", "&divide;"};
        for (int i = 0; i < beforechar.length; i++) {
            xmlorjson = xmlorjson.replaceAll(beforechar[i], afterchar[i]);
        }
        xmlorjson = xmlorjson.replaceAll("\n", "</br>");
        xmlorjson = xmlorjson.replaceAll(" ", "&nbsp;");
        xmlorjson = xmlorjson.replaceAll("\t", "&nbsp;&nbsp;&nbsp;&nbsp;");
        return xmlorjson;
    }

    public static String convertStr(String xmlorjson) {
        if (xmlorjson == null || "".equals(xmlorjson) || "null".equals(xmlorjson)) {
            return "";
        }
        //处理字符串
        String[] afterchar = {"<", ">", "￠", "£", "¥", "€", "§", "©", "®", "™", "×", "÷"};
        String[]  beforechar= {"&lt;", "&gt;", "&cent;", "&pound;", "&yen;",
                "&euro;", "&sect;", "&copy;", "&reg;", "&trade;", "&times;", "&divide;"};
        for (int i = 0; i < beforechar.length; i++) {
            xmlorjson = xmlorjson.replaceAll(beforechar[i], afterchar[i]);
        }
        xmlorjson = xmlorjson.replaceAll("&nbsp;", " ");
        xmlorjson = xmlorjson.replaceAll("</br>", "\n");
        xmlorjson = xmlorjson.replaceAll("&nbsp;&nbsp;&nbsp;&nbsp;", "\t");

        return xmlorjson;
    }





    public static void init() {
        // 含有脚本： script
        xssMap.put("[s|S][c|C][r|R][i|C][p|P][t|T]", "");
        // 含有脚本 javascript
        xssMap.put("[\\\"\\\'][\\s]*[j|J][a|A][v|V][a|A][s|S][c|C][r|R][i|I][p|P][t|T]:(.*)[\\\"\\\']", "\"\"");
        // 含有函数： eval
        xssMap.put("[e|E][v|V][a|A][l|L]\\((.*)\\)", "");
        // 含有符号 <
        xssMap.put("<", "<");
        // 含有符号 >
        xssMap.put(">", ">");
        // 含有符号 (
        xssMap.put("\\(", "(");
        // 含有符号 )
        xssMap.put("\\)", ")");
        // 含有符号 '
        xssMap.put("'", "'");
        xssMap.put("\\/", "");


    }


    /**
     * 清除恶意的XSS脚本
     */
    public synchronized static String cleanXSS(String value) {
        String result = value;
        for (Map.Entry<String, String> entry : xssMap.entrySet()) {
            String key = entry.getKey();
            String val = entry.getValue();
            result = result.replaceAll(key, val);
        }
        return result;
    }

}
